Fun with Paypal’s automated email system

The other day I got a dodgy looking email from Paypal, which told me that on {nothing} my bank account {nothing} did {nothing}. Now, I’m fully aware of phishing and all the assorted scams, but this one looked legit. A quick review of the message headers revealed it looked good, and nothing in the email suggested that it was an attempt at scamming me out of my login details. So I figured, what the heck, I’ll report it to Paypal, and see what happens.

Hi

I received an email from you today, which in summary said this:

“On , we attempted to transfer from your bank account, ending in . This
transfer was returned by your bank on for the reason below:

There was a bank processing error.

As a result, this bank account has been removed from your
PayPal account.”

This is obviously not helpful as there is no useful information in the email. Also, I checked my Paypal account, and the only bank account I have
added to it, is still there.

Please confirm exactly what is going on.

Thanks.

Fair enough?

I got a very prompt response:

Dear Matt Thornton,

Hi my name is Anne. Thank you for contacting PayPal and I appreciate the opportunity to assist you with your questions. I hope you are doing well upon reading this email.

Mr Thornton, thanks for reporting the suspicious message you received. Kindly take your time to forward it to ‘spoof@paypal.com’

The email you forwarded to us is a spoof, also known as a phishing, email.
(That’s “phishing,” as in “fishing” for personal information.) Our Trust & Safety team is working to disable any Web sites it links to.

You can help verify that a message was sent through our member-to-
member system by checking My eBay. Any message sent to you through this
system will appear there. However, keep in mind that it is possible for other
members to send spoofs and spam through this system. We will take
action against members who do this. That’s why it’s so important for you to
forward suspicious messages to us, and to never share your password or
private financial information over email.

In My Messages, you’ll also find copies of emails we send you about
the status of your account or changes to your account information. This is
especially helpful since many spoof emails try to convince you that
your account is in jeopardy.

For more information on how to protect your account, go to the
Security Center.

Keep those reports coming — you’re helping protect the global
Internet
community! Our Trust & Safety team works closely with Internet Service
Providers to shut down fraudulent sites. We also send your reports
to Web
browser companies so that they can develop tools to identify phishing
sites.

I hope this information helps. Please do not be hesitant to be in
contact
with us should you encounter any difficulty further in respect to this
issue or should you be in need of assistance on your PayPal account.

Thank you for contacting PayPal. We appreciate your business with us.

Sincerely,
Anne
PayPal European Services
PayPal, an eBay Company

I was immediately suspicious that this was not in fact a real person called Anne talking to me, but instead a computer program, that scans my email for keywords, and creates a response. So I replied:

Hi,

Thanks for your prompt reply. I will forward the email to the address
you quoted, however, I am quite sure it is not an attempt at phishing.
All of the headers of the address are legitimate, and nowhere in the
email does it attempt any of the usual phishing practices, such as
trying to persuade me to login to my account or capture my details.
Indeed, it even quotes a transaction that appears valid in my Paypal
account.

It would certainly appear to be a system error of some sort at your
end, and I would be grateful if you could investigate it further.

Yours sincerely,

Matt Thornton

Fair enough? I duly sent the email to the spoof address, and then received this reply:

Dear Matt Thornton,

Thank you for contacting PayPal. I appreciate the opportunity to assist you
today.

I am Jay-R and I will do my very best to make sure that you get all the
required help regarding your concern.

Please excuse the delay in our response as we are dealing with an unusual
large number of email enquiries at the moment.

Upon reading your email, I understand that you’re enquiring about wanting
to investigate the email that you have received.

On a personal level, please accept my apologies for the inconvenience this
may have caused you.

Mr. Thornton, I would suggest that you forward the email you have received
for us be able to further check your concern.

Once we have received your forwarded email, I can assure you that we will
give high priority on this concern and we will notify you once we have
finished checking your concern.

You may forward that email to www.spoof@paypal.com.

I hope I was able to help you today with your concern. To serve and assist
you is my top priority.

Please email us back for further assistance.

Sincerely,

Jay-R
PayPal European Services
PayPal, an eBay Company

This time it is “Jay-R” that is happy to talk to me. But if you compare the two responses, they look awfully similar, particularly as “he” has completely ignored all the points I raised about it probably not being phishing at all.

I responded:

Are you a real person or a computer pretending to be one?

And the response I got:

Dear Matt Thornton,

Thank you for contacting PayPal. My name is Cristine. It is a pleasure to
assist you with your concern.

Mr Thornton, please be advised that we are real people. We are happy to
assist you with your queries.

I am always inclined to be of service to you should you deem it necessary.

If you feel that this information is not enough or if you have other
concerns that need immediate assistance, please let us know by replying to
this email or contacting our Customer Support Representatives at 087 307
191 and we willbe delighted to assist you further.

Thank you for contacting PayPal. We appreciate your business with us.

Take care and all the best.

Sincerely,
Cristine
PayPal European Services
PayPal, an eBay Company

So there you have it. I’m not convinced, as it would be incredibly simple to set the AI part of the response system to check for this sort of a question. There are still far too many similarities within their various responses (ignoring the fact that any real person in this sort of position would of course be reading from a script).

My point? Well, I don’t really have one, but then I’m sure that mine’s not the only blog out there talking about random, pointless and ultimately quite boring stuff.

1 Comment

  1. I was once a PayPal Customer Support rep answering both phone and email contacts and although this was the standard operating procedure in responding to emails (we had templates), sometimes it really gets annoying when my colleagues answer customers (you) in this way, like it came from a robot/computer.

    I know it’s so frustrating to get almost the same responses in canned messages (not to mention being passed around by different agents), but sometimes the best way to make sure you have your account checked is to call by phone, as the agents can see your account real-time to check for any suspicious activities.

Leave a Reply

Your email address will not be published.


*